Security
Headlines

Source

Packet Storm

Surveilling The Masses With Wi-Fi-Based Positioning Systems

In this paper, the authors show that Apple's WPS can be abused to create a privacy threat on a global scale. They present an attack that allows an unprivileged attacker to amass a worldwide snapshot of Wi-Fi BSSID geolocations in only a matter of days. Their attack makes few assumptions, merely exploiting the fact that there are relatively few dense regions of allocated MAC address space. Applying this technique over the course of a year, they learned the precise locations of over 2 billion BSSIDs around the world. The privacy implications of such massive datasets become more stark when taken longitudinally, allowing the attacker to track devices' movements.

FleetCart 4.1.1 Information Disclosure

FleetCart version 4.1.1 suffers from an information leakage vulnerability.

Ubuntu Security Notice USN-6736-2

Ubuntu Security Notice 6736-2 - USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code.

Ubuntu Security Notice USN-6777-4

Ubuntu Security Notice 6777-4 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-6663-3

Ubuntu Security Notice 6663-3 - USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS#1 v1.5 RSA to prevent its use in possible Bleichenbacher timing attacks.

Ubuntu Security Notice USN-6783-1

Ubuntu Security Notice 6783-1 - It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting in a denial of service, or potential arbitrary code execution.

Red Hat Security Advisory 2024-3319-03

Red Hat Security Advisory 2024-3319-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

Red Hat Security Advisory 2024-3318-03

Red Hat Security Advisory 2024-3318-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-3316-03

Red Hat Security Advisory 2024-3316-03 - Migration Toolkit for Applications 7.0.3 release. Issues addressed include denial of service and password leak vulnerabilities.

Red Hat Security Advisory 2024-3315-03

Red Hat Security Advisory 2024-3315-03 - Red Hat OpenShift Virtualization release 4.13.9 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.